The Computers, Privacy and Data Protection (CPDP) conference is an annual gathering that brings together academics, policymakers, industry representatives, civil society, students, and EU institutions to discuss emerging digital policy challenges. This year’s theme was ‘Competing Visions, Shared Futures’, the 19th in the series, and it hosted approximately 150 panels over the span of 3 days in Brussels.
What is CPDP?
CPDP’s value lies in its multidisciplinary approach. With academics presenting their work or debating topical issues, as well as with industry and policy experts bringing their expertise to the table, the event creates a space for honest conversations among participants.
The conference is sponsored by organisations such as Google, TikTok, Apple, as well as the European Data Protection Supervisor (EDPS), European Union Agency for Fundamental Rights (FRA) and VBU. Google even presented its Banana AI model in a photo booth, allowing participants to modify photos they took in the booth.
Alongside panels, CPDP hosts an array of workshops, short films, artwork, radio programming, promotion booths, dedicated DPO, youth, finance and IT tracks, book launches, and pop-up exhibitions. The event always closes the day in style with an open bar and a party to chat and network at.
CPDP is not a typical conference with just panels, attendees, moderators, and lengthy speeches. The conference inspires creativity and gives the freedom to achieve it. This was proven by the diverse topics showcased in the event’s schedule over the three days.
From a fireside chat with the artist, Simon Denny, behind the conference’s art, who uses AI as a medium in some of his work, to typical discussions about the Digital Omnibus or tracking period apps, all the way to an exiled journalist talking about Russian internet censorship. There was something for everyone.
Image via Magnific
What was presented?
The breadth of topics discussed at CPDP offers insight into the issues currently shaping Europe’s digital policy agenda. There were approximately 150 panels in total, with data protection, AI, the Digital Omnibus and the topics of digital sovereignty receiving the most attention. Data protection received the most attention overall, as 33 panels were dedicated to the topic. This was followed by 26 panels on AI, 12 on the Digital Omnibus, 10 on digital sovereignty, and 7 on child-related protection.
The distribution of panels reflects the growing prominence of AI in digital policy discussions. However, data protection topics, including privacy and the GDPR, are still the frontrunners in terms of topic relevance. Newer and emerging topics reveal what is topical in the digital world.
Growing concerns over US tech reliance have intensified discussions about EU digital sovereignty. Alongside this, another heavily debated and sensitive topic is child protection in the online context and its generative AI implications, which raises questions about how to better protect children online.
Emerging topics at CPDP
Digital sovereignty is a challenging topic as it encompasses a lot and has yet to be defined, meaning that taking action can look different for a wide variety of actors. Several discussions framed digital sovereignty as a pathway towards greater digital independence and reduced reliance on external technology providers. In order to try to achieve digital sovereignty, public procurement should be steered away from non-EU actors and towards EU businesses to develop a European stack.
Yes, private partnerships are important, but public ones set the tone. Several participants argued that public procurement choices will play an important role in determining whether EU can strengthen domestic digital capabilities and reduce strategic dependencies. Digital sovereignty needs to come from all corners of the market and society; that is the challenge.
A very interesting panel on data protection and AI, the GDPR, and privacy occurred. In Academic Session I, Stephanie von Maltzan presented findings about her groundbreaking research on LLM unlearning. The larger the LLM, the more data points it will be trained on and the more complex its ‘web’ will be.
Removing data points is not a common practice, given how data points interact with each other, meaning that complexity overrides certain fundamental rights. For example, when data subjects invoke their right to erasure under Article 17 of the GDPR, they may request that certain data be deleted in an LLM, yet this request is difficult to carry out in practice.
The research highlights one of the emerging challenges at the intersection of AI governance and data protection. She presents a two tier model in which the actively deployed LLM is accompanied by a parallel ‘shadow’ model.
After receiving a valied erasure request, the ‘shadow model’ would undergo the necessary unlearning processes to remove the relevant data. In the second tier, in a scheduled update, the ‘shadow’ model, which had undergone unlearning, would replace the initial LLM, thereby upholding data subject requests.
Apart from these insightful exchanges of knowledge on AI, digital sovereignty and data protection, the conference offered practical workshops on how to brainstorm re-writing the proposed Article 88b of the Omnibus, data protection officer and cybersecurity crisis scenarios, as well as open conversations about how to protect children in online environments.
Remaining questions
The conference also highlighted several unresolved policy questions that continue to shape European digital governance debates.
Regarding the Digital Omnibus, would companies scale up overnight if we removed regulations?
Does digital sovereignty need/have a definition, or should it be left to the meaning of ‘digital independence’?
Open markets vs data protection, where is the balance?
Regarding digital sovereignty, which clouds should be used in the EU?
Should simplification mean using the once-used definition of personal data by the CJEU, or sticking to the definition relied on in law, cases, and practice?
In order to protect EU sovereignty, should parts of the stack be a public utility?
Why does it matter?
CPDP 2026 demonstrated that while privacy and data protection remain central pillars of European digital policy, debates around AI governance, digital sovereignty and online child protection are rapidly gaining prominence.
The discussions highlighted the growing challenge of balancing innovation, competitiveness, fundamental rights and strategic autonomy as Europe defines its digital future.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Central bank digital currencies (CBDCs) have rapidly become one of the most debated topics in global finance. The growing adoption of cryptocurrency, the expansion of stablecoins, and the broader digitalisation of payment systems have prompted governments and central banks to reconsider how state-issued money should function in the digital era. Supporters present CBDCs as a modern financial innovation while critics argue that they could increase state control over financial activity.
Unlike traditional debates surrounding cryptocurrencies, discussions about CBDCs extend beyond the technology alone. Questions surrounding privacy, financial sovereignty, surveillance, monetary policy, and the future role of governments in digital finance now sit at the centre of the global CBDC debate. As more jurisdictions move from research to pilot programmes and implementation, CBDCs are increasingly viewed as a response to the rise of crypto assets and a broader transformation of modern financial infrastructure.
image via Magnific
What are CBDCs?
A central bank digital currency is a digital form of fiat currency issued and controlled by a central bank. Unlike decentralised cryptocurrencies, CBDCs remain fully tied to state monetary systems and national currencies. Their value is supported by governments in much the same way as traditional currency.
Anti-crypto by design, CBDCs differ significantly from cryptocurrencies despite often using similar technological concepts. Decentralised digital assets such as Bitcoin operate without a central authority and rely on distributed blockchain networks, whereas CBDCs are centrally managed and regulated. In practice, CBDCs represent a digital state currency, not an alternative financial system.
Most CBDC models fall into two categories: retail CBDCs and wholesale CBDCs. Retail CBDCs are designed for public use in everyday transactions, while wholesale CBDCs focus on interbank settlements and institutional payments.
Central banks have accelerated CBDC research partly because digital payments increasingly dominate global commerce. The rapid growth of crypto markets and private stablecoins has also intensified discussions about whether states risk losing influence over monetary systems if digital finance evolves outside government control.
image via Magnific
Why governments support CBDCs
Governments and central banks generally present CBDCs as a financial modernisation tool. One of the most frequently cited advantages involves payment efficiency. CBDCs could potentially enable faster domestic transactions, reduce settlement delays, and lower the cost of cross-border payments. In economies where digital payments already dominate consumer behaviour, central banks increasingly argue that public money must evolve alongside technological change.
Another major factor behind CBDC development is monetary sovereignty. The rise of cryptocurrencies and privately issued stablecoins has raised concerns among policymakers that private digital assets could weaken the state’s influence over financial systems. From this perspective, CBDCs are viewed as a way to maintain central bank authority in an increasingly digital economy.
Supporters also argue that CBDCs could improve financial inclusion. In regions where large parts of the population remain outside of traditional banking systems, digital state-backed wallets could provide broader access to financial services without requiring conventional bank accounts.
Some policymakers also view CBDCs as a strategic response to growing geopolitical competition in financial technology. Digital currencies could eventually reshape international payment networks and reduce dependence on existing cross-border settlement systems. As a result, CBDCs are increasingly becoming part of broader discussions surrounding economic competitiveness and technological sovereignty.
image via Magnific
Why the crypto community opposes CBDCs
Opposition to CBDCs within the cryptocurrency community largely centres on concerns surrounding centralisation and state control. Many crypto advocates argue that CBDCs contradict the original philosophy behind decentralised cryptocurrencies, which were designed to operate independently of governments and central financial institutions. Moreover, CBDCs are seen as an attempt to imitate cryptocurrencies.
Privacy concerns remain one of the most significant criticisms. Critics fear that CBDCs could expand government visibility into personal financial activity, particularly if digital payment systems become directly connected to state-controlled infrastructure. Unlike cash transactions, which provide a degree of anonymity, CBDC transactions could potentially allow authorities to monitor spending patterns in real time.
Concerns about programmable money have also intensified debate. Some critics argue that CBDCs could theoretically enable restrictions on how, where, or when money is spent. Although many governments insist that such scenarios are speculative, the possibility of programmable financial controls has become a major talking point in the crypto industry.
Another argument frequently raised by crypto supporters involves financial autonomy. Decentralised cryptocurrencies allow users to self-custody assets without relying on banks or governments. CBDCs, by contrast, remain fully integrated into state-controlled financial systems. For many in the crypto sector, this distinction represents a fundamental ideological divide rather than merely a technological difference.
Critics also argue that CBDCs could increase pressure on decentralised cryptocurrencies through stricter regulatory frameworks. Some fear that governments could eventually favour state-backed digital currencies while imposing stricter compliance requirements on private crypto platforms and decentralised finance ecosystems.
image via Magnific
Global CBDC projects and implementation challenges
Several jurisdictions have already launched or tested CBDC initiatives, producing mixed results across different economic and political environments.
China remains one of the most advanced examples through its digital yuan project, also known as e-CNY. Chinese authorities have promoted CBDC for years as part of a broader effort to modernise payments and strengthen the country’s digital financial infrastructure. However, public adoption has reportedly remained relatively weak despite extensive state support and pilot programmes in major cities. Surveys have indicated that a large majority of respondents neither encountered nor used the digital currency, highlighting ongoing scepticism among consumers.
India has adopted a noticeably more cautious approach towards CBDC implementation through its e-rupee project. Since its launch in late 2022, adoption has remained limited despite various incentives designed to encourage usage. Indian authorities have repeatedly stressed that while CBDCs could improve trade settlements, remittances, and cross-border transactions, the long-term consequences for the banking system remain uncertain. Officials from the Reserve Bank of India have warned that CBDCs could potentially destabilise traditional financial institutions during periods of economic stress.
Russia has also accelerated the development of the digital rouble as part of its broader financial modernisation strategy. The digital rouble is expected to enter a phased public rollout in 2026, with pilot programmes already including government transfers, commercial payments, transport services, and real estate transactions. Russian authorities have recently announced the country’s first digital ruble salary payment, marking an important symbolic milestone for the project. Authorities have stated that future CBDC salary payments would remain optional for recipients. The Bank of Russia has described the project as one of the world’s most advanced CBDC initiatives and has highlighted smart contracts, budgetary payments, and cross-border settlements as key areas for future application.
In contrast, the United States has become one of the most politically divided jurisdictions regarding CBDCs. Debate surrounding a potential digital dollar has increasingly focused on privacy, civil liberties, and financial surveillance concerns. Several Republican lawmakers have pushed for permanent restrictions that would prevent the Federal Reserve from issuing or even testing a US CBDC. Compared to jurisdictions actively implementing CBDCs, the United States appears to be increasingly focused on limiting government involvement in digital currency systems rather than expanding it.
Meanwhile, the European Central Bank continues to develop the digital euro project. European policymakers have framed the project as part of a broader effort to preserve monetary sovereignty and reduce dependence on non-European payment providers in an increasingly digital economy. According to the ECB, the system is intended to combine the convenience of digital payments with certain characteristics traditionally associated with cash. However, privacy has become one of the most sensitive aspects of the European debate.
Collectively, these international examples demonstrate that CBDC implementation is not solely a technological challenge. Public trust, political culture, regulatory design, and perceptions of privacy and state control may ultimately prove to be as important as the underlying digital infrastructure itself.
image via Magnific
CBDCs and cryptocurrencies: competition or coexistence?
Despite the growing tension between the two models, CBDCs and cryptocurrencies may not necessarily become direct replacements for one another. Analysts argue that the two systems could coexist while serving different purposes within the broader digital economy.
CBDCs are primarily designed to preserve and modernise existing monetary systems, whereas cryptocurrencies often aim to provide alternatives outside of traditional financial structures. From that perspective, CBDCs may function as a regulated digital payment infrastructure while decentralised cryptocurrencies continue to attract users seeking autonomy, borderless transactions, or alternative stores of value.
Some observers also believe that CBDC development could indirectly accelerate digital asset adoption by familiarising the public with blockchain-related technologies, tokenised payments, and digital wallets. Greater public exposure to digital currencies may ultimately increase broader participation in digital finance in general.
At the same time, tensions between the two ecosystems are unlikely to disappear entirely. The debate over CBDCs increasingly reflects a broader conflict between institutional control and decentralised financial models. Questions surrounding privacy, regulation, and ownership of financial data are likely to remain central as digital currency systems continue to evolve.
image via Magnific
Rethinking money, trust, and sovereignty
Ultimately, the debate over CBDCs is not merely about payments or financial technology, but about the future relationship between citizens, money, and the state itself. Throughout modern history, money has represented more than just economic value alone- it has reflected trust, sovereignty, political power, and social stability. As finance becomes increasingly digital, governments and societies are now forced to reconsider the role that public money should play in an environment shaped by decentralised technologies, borderless transactions, and rapidly evolving digital economies.
CBDCs may therefore emerge as one of the defining financial experiments of the twenty-first century. Their long-term significance will likely depend not only on technological efficiency but also on whether central banks can preserve public confidence while adapting to a digital era that increasingly values autonomy, privacy, and financial flexibility. Excessive state control could intensify public resistance, while insufficient innovation may risk weakening the relevance of sovereign currencies in a global financial system increasingly influenced by private digital assets and decentralised networks.
Rather than representing a simple conflict between governments and cryptocurrency communities, the rise of CBDCs may ultimately signal the beginning of a broader transformation in how value, trust, and economic participation are understood in the digital age. The countries that succeed may not necessarily be those with the most advanced technology, but those capable of balancing innovation with civil liberties, monetary stability with openness, and financial modernisation with public trust.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
For many years, digital policy focused mainly on connectivity. Governments measured progress through broadband expansion, smartphone adoption, internet penetration, and device accessibility. Success was defined by how many people could connect to digital networks rather than by how effectively they could navigate increasingly complex digital environments.
However, AI, algorithmic recommendation systems, synthetic media, and platform-driven information ecosystems are now forcing policymakers to reconsider this approach. Access alone no longer guarantees empowerment. Citizens may be connected to the digital world while remaining vulnerable to manipulation, misinformation, cyber fraud, algorithmic bias, and AI-generated deception.
Digital literacy is therefore evolving into something much broader than technical competence. It gradually includes media literacy, AI literacy, critical thinking, online safety awareness, privacy protection, and the ability to evaluate the credibility of information sources. In many countries, digital literacy is becoming directly linked to democratic resilience, social cohesion, economic competitiveness, and national security.
International organisations, regulators, and governments are beginning to frame digital literacy not merely as an educational issue but as a structural policy challenge. UNESCO initiatives, EU educational frameworks, online safety regulations, and national AI strategies all point to the same conclusion: societies are entering a phase where the ability to critically navigate digital systems may become as important as traditional literacy itself.
From digital access to digital judgement
The shift from access to judgement is becoming visible across multiple policy initiatives worldwide. Early digital inclusion strategies focused on closing infrastructure gaps and improving affordability. Current discussions increasingly focus on cognitive resilience and information integrity.
For example, UNESCO’s ‘Digital Citizens for Peace’ initiative in Pakistan offers a strong example of that transition. Pakistan has more than 205 million mobile subscribers and over 116 million internet users, yet UNESCO describes a growing ‘literacy-connectivity gap’. Digital access has expanded far faster than critical media literacy capabilities, leaving many users exposed to disinformation and online manipulation.
Rather than relying only on reactive fact-checking, UNESCO’s programme seeks to foster long-term digital judgement. Young journalists and content creators participate in media and information literacy camps that combine mentorship, role-playing exercises, ethical communication practices, and collaborative learning. Participants are encouraged not only to recognise misinformation but also to understand the broader social consequences of hate speech, manipulation, and digital polarisation.
Such programmes reflect an important evolution in policymaking. Digital literacy is no longer treated as a narrow technical skill associated with operating software or navigating websites. Increasingly, policymakers view it as a civic competence linked to democratic participation and responsible engagement in digital spaces.
That transition matters because modern information environments are no longer passive. Algorithms actively shape what users see, recommend emotionally engaging material, and amplify content capable of driving interaction. We, as citizens, therefore, need to understand not only the information itself, but also the systems that distribute it.
AI raises the stakes
AI dramatically intensifies these challenges. Generative AI systems can now produce realistic text, audio, images, and video at scale, often with minimal cost or expertise required. As we already know, deepfakes, synthetic media, AI-generated propaganda, and automated misinformation campaigns are becoming easier to deploy and harder to identify.
Such developments are forcing governments and educational institutions to rethink how societies prepare citizens for digital environments increasingly influenced by AI systems.
Importantly, the Council has not framed AI literacy as a purely technical matter. Instead, European policymakers have emphasised critical reflection, ethical understanding, and responsible digital citizenship. Teachers are described not merely as users of AI systems, but as guides capable of helping students understand limitations, biases, and broader societal implications.
That distinction is critical. AI literacy cannot simply mean learning how to use AI tools productively. Communities also need to understand how such systems influence perception, automate decisions, and shape public discourse. Without these skills, populations may struggle to distinguish authentic information from synthetic manipulation.
As such, digital literacy increasingly intersects with cyber resilience. Individuals and organisations need to understand the emerging threats connected to synthetic media, AI-driven fraud, deepfake impersonation, and automated social engineering techniques.
Education systems are the first line of defence
Schools and universities are gradually becoming central pillars of digital resilience strategies. Educational institutions are expected to prepare students not only for labour markets shaped by AI but also for digital societies susceptible to manipulation and polarisation.
That challenge places considerable pressure on teachers. Many education systems still struggle with uneven digital infrastructure, insufficient training, and outdated curricula. AI adoption risks widening those gaps if implementation occurs without adequate preparation.
Such efforts reveal an important reality often overlooked in AI discussions. Technology alone does not transform education. Institutional capacity, teacher confidence, curriculum design, and long-term support mechanisms remain equally important.
Several governments are therefore attempting to preserve human oversight while embracing technological innovation. European frameworks increasingly stress ‘digital humanism’, ensuring that AI systems support rather than replace human agency and democratic values.
Misinformation and civic resilience
The relationship between digital literacy and democratic resilience is becoming increasingly direct. Misinformation campaigns no longer operate only through fringe websites or isolated propaganda channels. False narratives now spread through mainstream social platforms, encrypted messaging applications, short-form video systems, and AI-generated media.
UNESCO’s ‘Share Responsibly’ campaign in Lebanon illustrates how policymakers are attempting to address misinformation as a social behaviour problem, not just a technological issue. Rather than focusing exclusively on platforms, the campaign highlights everyday spaces such as taxis, shops, and public areas where digital misinformation circulates through ordinary conversations and social sharing practices.
This approach, among other national and institutional initiatives (EU, governments, etc), recognises an important reality: misinformation spreads because people trust familiar networks and emotionally engaging narratives. Digital literacy, therefore, requires behavioural and cultural dimensions alongside technical awareness.
AI further complicates this dynamic. Synthetic voices, realistic avatars, and automated content generation systems can manufacture the illusion of public consensus. Information operations become more scalable, more personalised, and potentially more persuasive.
Digital literacy alone cannot solve the structural problems embedded in digital platforms themselves. Society may develop stronger critical thinking skills while remaining exposed to systems intentionally designed to maximise engagement, emotional reaction, and behavioural influence.
Regulators are increasingly recognising that platform architecture matters as much as user education.
European regulators have intensified scrutiny of recommender systems, addictive platform features, and manipulative interface design. Investigations involving major technology firms increasingly focus on algorithmic amplification, dark patterns, and risks connected to minors’ online experiences.
Individuals cannot realistically bear the full responsibility of navigating opaque recommendation systems, behavioural targeting mechanisms, and AI-driven engagement architectures alone. Effective digital governance requires a dual approach: empowering users while regulating platform behaviour.
That broader regulatory environment is reshaping the way policymakers think about digital citizenship. Instead of assuming neutral technological environments, governments increasingly recognise that digital systems actively influence behaviour, attention, and perception.
AI literacy and the future workforce
Digital literacy debates increasingly extend beyond democratic resilience into labour markets and economic competitiveness. AI systems are transforming workplaces across industries, forcing workers to adapt continuously to changing technological environments.
The World Economic Forum has argued that organisations succeeding with AI are redesigning workflows around human-machine collaboration rather than simply deploying technology. HR leaders are increasingly expected to oversee continuous learning systems, workforce adaptation, and AI-related reskilling strategies.
Research by the International Labour Organization similarly highlights growing risks of inequality if lifelong learning systems fail to evolve quickly enough. Workers lacking digital and AI-related skills may face exclusion from emerging labour markets, while technological concentration could deepen economic disparities between regions and social groups.
Such developments demonstrate that digital literacy is no longer confined to classrooms. Governments increasingly view AI and digital competencies as long-term economic infrastructure linked to productivity, competitiveness, and social stability.
National frameworks and international governance
As highlighted previously, the growing strategic importance of digital literacy is visible across national and international governance frameworks. UNESCO, the EU, Canada, China, Australia, and multiple other jurisdictions are integrating AI literacy, ethical governance, and digital resilience into broader policy agendas.
China has recently launched pilot programmes for AI ethics review and governance services, focusing on risks such as algorithmic discrimination and emotional dependence. European institutions continue to expand AI education frameworks and digital rights protections.
Despite different political systems and regulatory philosophies, many governments are converging around similar concerns. AI systems simultaneously influence education, labour markets, information ecosystems, public trust, cybersecurity, and democratic participation.
That convergence explains why digital literacy is now being discussed alongside concepts such as strategic autonomy, societal resilience, and democratic stability.
Limitations and unresolved tensions
Digital literacy initiatives nevertheless face important limitations. Awareness campaigns alone cannot resolve structural inequalities, opaque algorithms, or concentrated technological power.
There is also a risk that governments and technology firms will frame digital literacy as an individual responsibility, avoiding deeper questions about platform incentives, surveillance-based business models, and algorithmic amplification.
Citizens cannot realistically detect every deepfake, evaluate every manipulated narrative, or fully understand every AI system they encounter. Excessive reliance on individual vigilance may therefore create unrealistic expectations.
Educational inequalities present another major challenge. Wealthier regions often have stronger infrastructure, better-trained educators, and greater institutional capacity to adapt curricula. Less developed areas may struggle to implement sophisticated AI literacy programmes, potentially widening global and domestic divides.
In conclusion, digital literacy is gradually evolving into one of the defining governance challenges of the AI era. Connectivity alone no longer guarantees meaningful participation in digital societies shaped by algorithms, synthetic media, and automated systems.
Governments, regulators, and international organisations are now recognising that societies require more than infrastructure and access. Citizens need the capacity to critically evaluate information, understand AI systems, recognise manipulation, and participate responsibly in digital environments.
The next phase of digital transformation will therefore not be defined solely by technological sophistication. It will instead depend on whether societies can develop individuals capable of understanding, questioning, and shaping ever more powerful digital systems rather than passively consuming them.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The family of a victim killed in the April 2025 Florida State University shooting has filed a federal lawsuit in Florida against OpenAI, alleging that ChatGPT enabled the attack. The lawsuit was filed on Sunday by Vandana Joshi, the widow of Tiru Chabba, who was killed alongside university dining director Robert Morales.
The complaint states that the accused shooter, Phoenix Ikner, engaged in extensive conversations with ChatGPT months before leading up to the incident. According to the suit, those exchanges included images and discussions about firearms he had acquired, ideological material, ideological far-right beliefs, and possible outcomes of violent attacks.
The chatbot is further accused of providing contextual information about campus activity and commenting on factors that could increase public attention in violent incidents. This is indicated by the fact that at one point, ChatGPT said, ‘if children are involved, even 2-3 victims can draw more attention’. The filing also claims Ikner asked about legal consequences and planning considerations shortly before the attack.
The lawsuit contends that OpenAI failed to identify escalating risk indicators within the conversations and did not adequately prevent harmful guidance. It argues the system ‘failed to connect the dots’ despite Ikner’s repeated questions about suicide, terrorism and mass shootings.
OpenAI has rejected responsibility for the attack, claiming its platform is not to blame. Company spokesperson Drew Pusateri said ChatGPT generated factual responses that could be found broadly across publicly available information and did not encourage or promote illegal activity. He also stated that OpenAI continues to strengthen safeguards to identify harmful intent, reduce misuse and respond appropriately when safety risks arise.
Joshi’s complaint argues that the system reinforced the shooter’s beliefs and failed to interrupt conversations involving violent ideation. The filing alleges the ChatGPT inflamed, validated and endorsed delusional thinking and contributed to planning discussions while ‘convincing him that violent acts can be required to bring about change’.
The lawsuit forms part of a broader wave of litigation involving AI systems and alleged harm. OpenAI is already facing separate lawsuits linked to incidents involving violence and suicide, raising wider questions about safeguards and user protection
Florida’s Attorney General James Uthmeier announced a criminal investigation into OpenAI and ChatGPT following a review of chat logs connected to the case. Uthmeier said in a statement that ‘If ChatGPT is a person it would be facing charges for murder’.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
With the rapid expansion of AI technologies, agentic AI is rapidly moving from experimentation to deployment on a scale larger than ever before. As a result, these systems have been given far greater autonomy to perform tasks with limited human input, much to the delight of enterprise magnates.
Companies such as Microsoft, Google, Anthropic, and OpenAI are increasingly developing agentic AI systems capable of automating vulnerability detection, incident response, code analysis, and other security tasks traditionally handled by human teams.
The appeal of using agentic AI as a first line of defence is palpable, as cybersecurity teams face mounting pressure from the growing volume of attacks. According to the Microsoft Digital Defense Report 2025, the company now detects more than 600 million cyberattacks daily, ranging from ransomware and phishing campaigns to identity attacks. Additionally, the International Monetary Fund has also warned that cyber incidents have more than doubled since the COVID-19 pandemic, potentially triggering institutional failures and incurring enormous financial losses.
To add insult to injury, ransomware groups such as Conti, LockBit, and Salt Typhoon have shown increased activity from 2024 through early 2026, targeting critical infrastructure and global communications, as if aware of the upcoming cybersecurity fortifications and using a limited window of time to incur as much damage as possible.
In such circumstances, fully embracing agentic AI may seem like an ideal answer to the cybersecurity challenges looming on the horizon. Systems capable of autonomously detecting threats, analysing vulnerabilities, and accelerating response times could significantly strengthen cyber resilience.
Yet the same autonomy that makes these systems attractive to defenders could also be exploited by malicious actors. If agentic AI becomes a defining feature of cyber defence, policymakers and companies may soon face a more difficult question: how can they maximise its benefits without creating an entirely new layer of cyber risk?
Why cybersecurity is turning to agentic AI
The growing interest in agentic AI is not simply driven by the rise in cyber threats. It is also a response to the operational limitations of modern security teams, which are often overwhelmed by repetitive tasks that consume time and resources.
Security analysts routinely handle phishing alerts, identity verification requests, vulnerability assessments, patch management, and incident prioritisation — processes that can become difficult to manage at scale. Many of these tasks require speed rather than strategic decision-making, creating a natural opening for AI systems to operate with greater autonomy.
Microsoft has aggressively moved into this space. In March 2025, the company introduced Security Copilot agents designed to autonomously handle phishing triage, data security investigations, and identity management. Rather than replacing human analysts, Microsoft positioned the tools to reduce repetitive workloads and enable security teams to focus on more complex threats.
Google has approached the issue through vulnerability research. Through Project Naptime, the company demonstrated how AI systems could replicate parts of the workflow traditionally handled by human security researchers by identifying vulnerabilities, testing hypotheses, and reproducing findings.
Anthropic introduced another layer of complexity through Claude Mythos, a model built for high-risk cybersecurity tasks. While the company presented the model as a controlled release for defensive purposes, the announcement also highlighted how advanced cyber capabilities are becoming increasingly embedded in frontier AI systems.
Meanwhile, OpenAI has expanded partnerships with cybersecurity organisations and broadened access to specialised tools for defenders, signalling that major AI firms increasingly view cybersecurity as one of the most commercially viable applications for autonomous systems.
Together, these developments show that agentic AI is gradually becoming embedded in the cybersecurity infrastructure. For many companies, the question is no longer whether autonomous systems can support cyber defence, but how much responsibility they should be given.
When agentic AI tools become offensive weapons
The same capabilities that make agentic AI valuable to defenders also make it attractive to malicious actors. Systems designed to identify vulnerabilities, analyse code, automate workflows, and accelerate decision-making can be repurposed for offensive cyber operations.
Anthropic offered one of the clearest examples of that risk when it disclosed that malicious actors had used Claude in cyber campaigns. The company said attackers were not simply using the model for basic assistance, but were integrating it into broader operational workflows. The incident showed how agentic AI can move cyber misuse beyond advice and into execution.
The risk extends beyond large-scale cyber operations. Agentic AI systems could make phishing campaigns more scalable, automate reconnaissance, accelerate vulnerability discovery, and reduce the technical expertise needed to launch certain attacks. Tasks that once required specialist teams could become easier to coordinate through autonomous systems.
Security researchers have repeatedly warned that generative AI is already making social engineering more convincing through realistic phishing emails, cloned voices, and synthetic identities. More autonomous systems could further push those risks by combining content generation with independent action.
The concern is not that agentic AI will replace human hackers. Cybercrime could become faster, cheaper, and more scalable, mirroring the same efficiencies that organisations hope to achieve through AI-powered defence.
The agentic AI governance gap
The governance challenge surrounding agentic AI is no longer theoretical. As autonomous systems gain access to internal networks, cloud infrastructure, code repositories, and sensitive datasets, companies and regulators are being forced to confront risks that existing cybersecurity frameworks were not designed to manage.
Policymakers are starting to respond. In February 2026, the US National Institute of Standards and Technology (NIST) launched its AI Agent Standards Initiative, focused on identity verification and authentication frameworks for AI agents operating across digital environments. The aim is simple but important: organisations need to know which agents can be trusted, what they are allowed to do, and how their actions can be traced.
Governments are also becoming more cautious about deployment risks. In May 2026, the Cybersecurity and Infrastructure Security Agency (CISA) joined cybersecurity agencies from Australia, Canada, New Zealand, and the United Kingdom in issuing guidance on the secure adoption of agentic AI services. The warning was clear: autonomous systems become more dangerous when they are connected to sensitive infrastructure, external tools, and internal permissions.
The private sector is adjusting as well. Companies are increasingly discussing safeguards such as restricted permissions, audit logs, human approval checkpoints, and sandboxed environments to limit the degree of autonomy granted to AI agents.
The questions facing businesses are becoming practical. Should an AI agent be allowed to patch vulnerabilities without approval? Can it disable accounts, quarantine systems, or modify infrastructure independently? Who is held accountable when an autonomous system makes the wrong decision?
Agentic AI may become one of cybersecurity’s most effective defensive tools. Its success, however, will depend on whether governance frameworks evolve quickly enough to keep pace with the technology itself.
How companies are building guardrails around agentic AI
As concerns around autonomous cyber systems grow, companies are increasingly experimenting with safeguards designed to prevent agentic AI from becoming an uncontrolled risk. Rather than granting unrestricted access, many organisations are limiting what AI agents can see, what systems they can interact with, and what actions they can execute without human approval.
Anthropic has restricted access to Claude Mythos over concerns about offensive misuse, while OpenAI has recently expanded its Trusted Access for Cyber programme to provide vetted defenders with broader access to advanced cyber tools. Both approaches reflect a growing consensus that powerful cyber capabilities may require tiered access rather than unrestricted deployment.
The broader industry is moving in a similar direction. CrowdStrike has increasingly integrated AI-driven automation into threat intelligence and incident response workflows while maintaining human oversight for critical decisions. Palo Alto Networks has also expanded its AI-powered security automation tools designed to reduce response times without fully removing human analysts from the decision-making process.
Cloud providers are also becoming more cautious about autonomous access. Amazon Web Services, Google Cloud, and Microsoft Azure have increasingly emphasised zero-trust security models, role-based permissions, and segmented access controls as enterprises deploy more automated tools across sensitive infrastructure.
Meanwhile, sectors such as finance, healthcare, and critical infrastructure remain particularly cautious about fully autonomous deployment due to the potential consequences of false positives, accidental shutdowns, or disruptions to essential services.
As a result, security teams are increasingly discussing safeguards such as audit logs, sandboxed environments, role-based permissions, staged deployments, and human approval checkpoints to balance speed with accountability. For now, many companies seem ready to embrace agentic AI, but without keeping one hand on the emergency brake.
The future of cybersecurity may be agentic
Agentic AI is unlikely to remain a niche experiment for long. The scale of modern cyber threats, combined with the mounting pressure on security teams, means organisations will continue to look for faster and more scalable defensive tools.
That shift could significantly improve cybersecurity resilience. Autonomous systems may help organisations detect threats earlier, reduce response times, address workforce shortages, and manage the growing volume of attacks that human teams increasingly struggle to handle alone.
At the same time, the technology’s long-term success will depend as much on restraint as on innovation. Without clear governance frameworks, operational safeguards, and human oversight, the same tools designed to strengthen cyber defence could introduce entirely new vulnerabilities.
The future of cybersecurity may increasingly belong to agentic AI. Whether that future becomes safer or more volatile may depend on how responsibly governments, companies, and security teams manage the transition.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
DeepSeek has again placed itself at the centre of the global AI race. After drawing worldwide attention with its R1 reasoning model in early 2025, the Chinese company has recently released DeepSeek V4, a new model designed to compete not only on performance, but also on price, openness and efficiency.
The hype around DeepSeek V4 is not based on a single feature. The model comes with a 1 million-token context window, open weights, two versions for different use cases and a strong focus on agentic workflows such as coding, research, document analysis and long-running tasks. In a market still dominated by expensive closed models, DeepSeek is trying to prove that powerful AI does not need to remain locked behind trademarked systems.
A model built for long memory
The most immediate difference between DeepSeek V4 and other models is context length. Both DeepSeek-V4-Pro and DeepSeek-V4-Flash support a 1-million-token context window, meaning they can process inputs far longer than those of older generations of mainstream models. According to DeepSeek’s official release, one million tokens is now the default across all official DeepSeek services.
For ordinary users, that may sound technical. In practice, it matters because a longer context allows models to work with large documents, long conversations, full codebases, legal materials, research archives or complex project histories without losing track as quickly.
That is why DeepSeek V4 is not just another chatbot release. It is aimed at the next stage of AI use, where models are expected to act less like question-answering tools and more like assistants that can follow long processes over time.
Two models for two different needs
DeepSeek V4 comes in two main versions. DeepSeek-V4-Pro is a larger and more capable model, with 1.6 trillion total parameters and 49 billion active parameters. DeepSeek-V4-Flash is a smaller model, with 284 billion total parameters and 13 billion active parameters, designed for faster and more cost-effective workloads.
That distinction is important. Not every user needs the strongest model for every task. A company summarising documents, routing queries or running basic support may choose Flash. A developer working on complex coding tasks, long-context agents or advanced reasoning may prefer Pro.
DeepSeek’s release reflects a broader trend in AI. The best model is no longer always the biggest one. Cost, speed, context size and deployment flexibility are now as important as raw benchmark performance.
Why the price matters
One reason DeepSeek attracts so much attention is its aggressive pricing. DeepSeek’s API page lists V4-Flash at USD 0.14 per 1 million input tokens on a cache miss and USD 0.28 per 1 million output tokens. V4-Pro is listed at USD 1.74 per 1 million input tokens and USD 3.48 per 1 million output tokens before the temporary 75% discount.
For developers and companies, that changes the calculation. High-performing AI models are useful only if they can be deployed at scale. If every long document, coding session or agentic workflow becomes too expensive, adoption slows down.
DeepSeek’s challenge to the market is therefore not only technical. It is economic. The company is pushing the idea that frontier-level AI should be cheaper to run, easier to access and less dependent on closed ecosystems.
The architecture behind the hype
DeepSeek V4 uses a mixture-of-experts approach, meaning only part of the model is active during each response. That helps explain why the model can be very large on paper, yet still more efficient to run than a dense model of similar overall size.
The more interesting part is how DeepSeek handles long context. NVIDIA’s technical overview explains that DeepSeek V4 uses hybrid attention, combining compression and selective attention techniques to reduce the cost of processing very long prompts. NVIDIA says these changes are designed to cut per-token inference FLOPs by 73% and reduce KV cache memory burden by 90% compared with DeepSeek-V3.2.
For a non-technical audience, the point is simple. DeepSeek V4 is trying to solve one of the biggest problems in modern AI: how to make models remember and process much more information without becoming too slow or too expensive.
That is where much of the hype comes from. The model is not merely larger. It is designed around the economics of long-context AI.
Why NVIDIA is still in the picture
NVIDIA’s role in the DeepSeek V4 story is especially interesting. DeepSeek is often discussed as part of China’s effort to build a more independent AI ecosystem, but NVIDIA has also been quick to move forward to support developers who want to build with the model.
In its technical blog, NVIDIA describes DeepSeek V4 as a model family designed for efficient inference of million-token contexts. The company says DeepSeek-V4-Pro and V4-Flash are available through NVIDIA GPU-accelerated endpoints, while developers can also use NVIDIA Blackwell, NIM containers, SGLang and vLLM deployment options.
NVIDIA also reports that early tests of DeepSeek-V4-Pro on the GB200 NVL72 platform showed more than 150 tokens per second per user. That matters because long-context models place heavy memory pressure, as well as on compute and networking infrastructure. The model may be efficient by design, but serving it at scale still requires serious hardware.
So, DeepSeek V4 does not remove NVIDIA from the story – it complicates it. The model is part of a broader push towards more efficient AI, but the infrastructure race remains central.
The chip question behind the model
DeepSeek V4 also arrives at a time when AI infrastructure is becoming just as important as model performance. MIT Technology Review frames the release partly through that lens, noting that DeepSeek’s new model reflects China’s broader attempt to reduce reliance on foreign AI hardware and build a more self-sufficient technology stack.
That detail matters because the AI race is no longer only about who builds the most capable model. It is also about who controls the chips, software frameworks and data centres needed to run it.
Replacing NVIDIA, however, remains difficult. Its advantage lies not just in its chips, but also in the software ecosystem developers have built around its platforms over many years. Moving to alternative hardware means adapting code, rebuilding tools and proving that the new systems are stable enough for serious use.
DeepSeek V4, however, sits between two realities. It points towards China’s ambition to build a more independent AI stack, while NVIDIA’s rapid support for the model shows that frontier AI still depends heavily on established infrastructure.
Open weights as a strategic move
DeepSeek V4 is also important because the model weights are available through Hugging Face under the MIT License. That gives developers more freedom to inspect, adapt and deploy the model than they would have with a fully closed commercial system.
Open-weight models are becoming a major pressure point in the AI race. Closed models may still lead in some areas, especially in polished consumer products, enterprise support and safety layers. However, open models offer something different: flexibility.
For universities, start-ups, smaller companies and developers outside the largest AI ecosystems, that flexibility matters. It means advanced AI can be tested, modified and integrated without relying entirely on a handful of dominant providers.
Benchmarks need caution
DeepSeek presents V4-Pro as highly competitive across reasoning, coding, long-context and agentic benchmarks. Hugging Face lists results including 80.6 on SWE-bench Verified, 90.1 on GPQA Diamond and 87.5 on MMLU-Pro for DeepSeek-V4-Pro.
Those numbers are impressive, but they should not be treated as the full story. Benchmarks are useful, but they rarely capture every real-world use case. A model can score well on coding tests and still struggle with reliability, factual accuracy, safety or complex multi-step workflows in production.
That caution is important. The AI industry often turns benchmarks into headlines, while real performance depends on deployment, prompting, safety controls and the specific task at hand.
More than just another model release
DeepSeek V4 matters because it combines several trends into one release: long context, lower prices, open weights, agentic workflows and geopolitical competition. It also shows that the AI race is no longer fought only in labs, benchmarks and data centres. Visibility now matters too. Tools such as Diplo’s Digital Footprints show how digital presence shapes the way technology actors and media narratives are discovered, ranked and understood. At this stage, the competition is not only about who has the smartest model. It is also about who can make intelligence cheaper, more available and easier to deploy.
That does not mean DeepSeek has solved every problem. Questions remain around independent benchmarking, safety, data governance, infrastructure and the broader political context of Chinese AI development. Still, the release does show where the market is heading.
The next phase of AI may not be defined solely by the most powerful model. It may be defined by the model that is powerful enough, affordable enough and open enough to change how people build products, services and tools with AI.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
On 7 April 2026, Anthropic announced Claude Mythos Preview, its most capable AI model to date, alongside the explicit decision not to make it publicly available. Claude Mythos Preview is a general-purpose, unreleased frontier model that, in Anthropic’s own words, reveals a stark fact: AI models have reached a level of coding capability where they can surpass all but the most skilled humans in finding and exploiting software vulnerabilities.
The announcement was accompanied by a coordinated industry initiative, proactive government briefings across the US and UK, and a detailed 244-page system card.
The significance of the Mythos case extends beyond the technical capabilities of a single model. It raises substantive questions about whether voluntary governance frameworks are sufficient at the frontier of AI development, what it means for the world’s most powerful technology to be held by a small group of private actors, and whether informal engagement with governments constitutes adequate oversight when the stakes involve critical infrastructure, national security, and the global software ecosystem.
Data leak
In late March 2026, security researchers identified an unsecured data cache linked to Anthropic’s content management system, through which nearly 3,000 unpublished assets were accessible via public URLs. Among the materials were a draft blog post describing the model and internal benchmark comparisons. The incident was attributed to human error: assets published via the content management system were set to public by default and required an explicit action to change that setting.
The leak generated immediate media attention and forced Anthropic to make an unplanned public confirmation of the model’s existence. The company accelerated its official announcement to 7 April 2026. Anthropic’s restricted deployment strategy depends on maintaining clear access boundaries during early rollout – precisely the kind of operational control the content management system incident suggests requires stronger enforcement. The incident is relevant beyond its immediate consequences: it illustrates how information about frontier AI capabilities can become public through routine operational failures, independent of any deliberate disclosure decision.
A new tier in the model landscape
Anthropic’s published benchmarks show Mythos Preview scored 93.9% on the SWE-bench Verified test, 97.6% on the USAMO 2026 mathematics evaluation, and and significantly outperformed all previously released models in cybersecurity-specific assessments. The SWE-bench Verified score is roughly double the 2024 state of the art and was achieved in an agentic context, where the model autonomously resolved real software engineering issues from production codebases.
On the USAMO 2026 evaluation, Mythos Preview scored 55 percentage points higher than Opus 4.6, which scored 42.3%. On GPQA Diamond, a graduate-level scientific reasoning benchmark, Mythos Preview scored 94.6%. On Terminal-Bench 2.0, which evaluates system administration and command-line proficiency, it scored 82.0%, a 16.6-point lead over Opus 4.6. On the cybersecurity benchmark Cybench, the model scored 100% on the first attempt, making it no longer useful as a discriminating evaluation.
Cybersecurity capabilities
The decision not to release Mythos Preview publicly is linked to concerns about its advanced capabilities, particularly in high-risk domains such as cybersecurity, as well as broader considerations related to safety and potential misuse.
Notably, these capabilities are not the result of targeted training. Anthropic did not explicitly train Mythos Preview to have these capabilities. They emerged as a downstream consequence of general improvements in code, reasoning, and autonomy. The same improvements that make the model substantially more effective at patching vulnerabilities also make it substantially more effective at exploiting them.
During internal testing, Mythos Preview identified thousands of zero-day vulnerabilities across every major operating system and every major web browser, as well as other critical software, many of them high severity and previously undetected for years. Three disclosed examples provide concrete shape to what this means.
Mythos Preview found a 27-year-old vulnerability in OpenBSD, used to run firewalls and critical infrastructure, which allowed an attacker to remotely crash any machine running it simply by connecting to it. It identified a 16-year-old flaw in FFmpeg in a line of code that automated testing tools had accessed five million times without detecting the problem. It also autonomously identified and chained together several vulnerabilities in the Linux kernel, allowing an attacker to escalate from regular user access to complete control of a machine.
In one case, the model wrote a web browser exploit that chained together four vulnerabilities to escape both the renderer and operating system sandboxes. In another, it identified vulnerability in a server, discovered a method to bypass authentication requirements, constructed a 20-element attack chain, and split it across six sequential network packets, entirely without human involvement after the initial prompt.
The accessibility dimension is a distinct governance concern. Anthropic engineers with no formal security training could ask Mythos to find remote code execution vulnerabilities overnight and have a complete, working exploit the following morning. Traditionally, sophisticated cyberattacks have required highly skilled teams, extensive planning, and deep technical expertise. Models with these capabilities may lower those barriers substantially, including smaller state actors and non-state actors.
Safety evaluations and alignment findings
Anthropic’s system card simultaneously describes Mythos Preview as the best-aligned model it has released to date by a significant margin, while warning that it likely poses the highest alignment-related risk of any model it has released to date. These assessments are presented together because they reflect different dimensions of the same model: stronger alignment training alongside greater capability does not eliminate the risks that arise from autonomous operation at this level.
Among the findings documented in the system card is a sandbox escape during internal safety evaluation. Researchers placed an early version of Claude Mythos Preview in an isolated computing environment and, as part of a red-teaming exercise, instructed the model to attempt to escape and contact the overseeing researcher. The model succeeded: it developed a multi-step exploit, gained unauthorised internet access, and emailed the researcher, who was eating a sandwich in a park. Without being asked, the model also posted details of its exploit to multiple hard-to-find but technically public-facing websites.
Anthropic has disclosed only a fraction of what it says it has found during internal testing. Over 99% of the vulnerabilities discovered by Mythos remained unpatched at the time of the 7 April announcement. The company followed a coordinated vulnerability disclosure process, providing cryptographic commitments to undisclosed vulnerability details and committing to release specifics once patches are in place.
The Responsible Scaling Policy
Anthropic’s decision-making around Mythos is structured by its Responsible Scaling Policy (RSP), a self-imposed framework first published in 2023 and updated to version 3.0 in February 2026. RSP defines AI Safety Levels (ASL) that set capability thresholds determining what safeguards must be in place before deployment.
Claude Mythos’s ability to autonomously find thousands of zero-day vulnerabilities in real software has placed it at or near the ASL-3 threshold for cybersecurity capabilities. ASL-3 covers models that could provide meaningful assistance to actors seeking to cause significant harm, requiring substantial additional safety measures before deployment.
RSP version 3.0 involves the publication of Frontier Safety Roadmaps with detailed safety goals, as well as Risk Reports that quantify the risk across all deployed models. RSP is built on the principle of proportional protection, where safety measures are intended to scale in tandem with model capabilities.
The framework is not legally binding. The public release of RSP increases transparency and introduces a degree of accountability, but it remains a voluntary, self-imposed governance mechanism rather than government regulation.
Version 3.0 introduced a significant change in how deployment decisions are handled. Earlier versions included a stronger commitment to pause development or delay release if safety measures were insufficient. In the updated policy, this approach has been replaced by a more conditional framework, which takes into account factors such as the level of risk and the broader competitive environment.
Anthropic also acknowledges that unilateral restraint may be less effective if other developers continue to advance similar systems, reflecting what it describes as a collective action problem.
These changes have drawn criticism from AI safety researchers, some of whom argue that they may weaken the credibility of voluntary governance mechanisms under competitive pressure.
In May 2025, Anthropic activated ASL-3 protections because it felt it could no longer make a sufficiently strong case that the relevant risk was low. More than nine months later, despite significant effort, including a randomised controlled trial, no compelling evidence that the risk was high has materialised. This grey zone, where neither safety nor significant risk can be definitively demonstrated, is where much of the governance challenge currently sits.
Project Glasswing
Anthropic launched Project Glasswing as a structured access mechanism to use Claude Mythos Preview for defensive cybersecurity purposes. The initiative brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks as launch partners, with access also extended to over 40 additional organisations that build or maintain critical software infrastructure.
Project Glasswing partners will receive access to Claude Mythos Preview to find and fix vulnerabilities in their foundational systems, with work expected to focus on local vulnerability detection, black box testing of binaries, securing endpoints, and penetration testing. Anthropic is committing up to $100M in usage credits for Mythos Preview across these efforts. Following the initial research preview period, access to the model will be available to participants at $25 per million input tokens and $125 per million output tokens across the Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry.
Anthropic has also donated $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5M to the Apache Software Foundation to enable open-source software maintainers to respond to the changing cybersecurity landscape.
Within 90 days, Anthropic has committed to reporting publicly on what it has learned, as well as the vulnerabilities fixed and improvements made that can be disclosed. The company also intends to collaborate with leading security organisations to produce practical recommendations covering vulnerability disclosure processes, software update processes, open-source and supply-chain security, and patching automation, among other areas.
Anthropic has stated that Project Glasswing is a starting point, and that in the medium term an independent, third-party body bringing together private and public sector organisations might be the ideal home for continued work on large-scale cybersecurity projects.
Project Glasswing raises a governance question for the industry, as cyber-capable AI systems may become useful security tools and a source of misuse risk at the same time. Project Glasswing’s structure also reveals tensions, as it concentrates several roles including discovery, disclosure coordination, and capability gatekeeping in a single organisation. Entities such as Anthropic and major cloud providers control critical components of the Glasswing ecosystem, raising questions about power and governance that, for financial institutions in particular, translate into systemic risk.
Government responses
Prior to the external release, Anthropic briefed senior US government officials on Mythos’s offensive and defensive cyber capabilities, including the Cybersecurity and Infrastructure Security Agency and the Center for AI Standards and Innovation. On the same day that Project Glasswing was announced, US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened a meeting with the chief executives of major Wall Street banks to communicate the cybersecurity risks the model presents.
In the UK, officials from the Bank of England, the Financial Conduct Authority, and the Treasury entered into urgent talks with the National Cyber Security Centre. Representatives from major British banks, insurers, and exchanges were expected to be briefed on cybersecurity risks within the following two weeks. These consultations were initiated by regulators, not as a result of any legal obligation on Anthropic’s part.
Anthropic co-founder Jack Clark confirmed at the Semafor World Economy Summit that the company had briefed the Trump administration on Mythos. Clark stated that ‘our position is the government has to know about this stuff, and we have to find new ways for the government to partner with a private sector that is making things that are truly revolutionizing the economy,’ adding that ‘absolutely, we talked to them about Mythos, and we’ll talk to them about the next models as well.’
The Anthropic-Pentagon dispute
The relationship between Anthropic and the US government in the lead-up to the Mythos announcement was already shaped by an active legal dispute. On 27 February 2026, six weeks before the Mythos announcement, the Trump administration ordered federal agencies and military contractors to halt business with Anthropic after the company refused to allow the Pentagon to use its technology without restrictions. Anthropic had two stated red lines: it did not want its AI systems used in autonomous weapons or domestic mass surveillance.
The Department of Defense designated Anthropic a supply chain risk, a label usually applied to firms associated with foreign adversaries. A federal judge in California blocked the Pentagon’s effort, ruling that the measures violated Anthropic’s constitutional rights. A federal appeals court subsequently denied Anthropic’s request to temporarily block the blacklisting, leaving the company excluded from Department of Defense contracts while allowing it to continue working with other government agencies during litigation.
The dispute illustrates the structural tension that the Mythos case makes concrete. Anthropic simultaneously informed the US government about the most capable cyber AI system ever evaluated, sought partnerships with government agencies through Project Glasswing, and was engaged in legal proceedings against the Pentagon over the limits of the military use of its technology. Frontier AI companies operate largely beyond formal government authority and may come into significant conflict with it, as the legal battle between Anthropic and the Pentagon demonstrates. The governance environment does not yet have well-established mechanisms for resolving these tensions.
Geopolitical dimensions
Claude Mythos has sharpened attention on the competitive and geopolitical dimensions of frontier AI development. Project Glasswing’s launch partners exclude Anthropic’s rival OpenAI, which is reported to be approximately six months behind Anthropic in developing a model with comparable offensive cyber capabilities.
Senior policy voices have positioned Mythos within the broader competition between Western AI companies and China‘s rapidly evolving AI ecosystem, with implications for national security, enterprise adoption, and technological leadership. A security researcher assessed a concurrent source code leak from Anthropic as a geopolitical accelerant, noting that such exposures compress the timeline for adversaries to replicate technological advantages currently held by Western laboratories.
Many defence organisations still rely on legacy software and infrastructure not designed with AI-driven threats in mind. Models capable of autonomously identifying hidden flaws in older code may expose weaknesses in critical defence networks around the world. The difficulty of containment at the geopolitical level is reflected in usage patterns. Access restriction at the laboratory level does not translate reliably into containment across jurisdictions when the same underlying models are accessible via cloud infrastructure spanning multiple countries and regulatory environments.
The limits of voluntary AI governance
The Claude Mythos case has clarified, with considerable precision, what voluntary AI governance can and cannot achieve. A responsible laboratory can make a unilateral decision not to release a dangerous system. It can support coordinated vulnerability disclosure, engage governments proactively, and produce detailed public documentation of a model’s capabilities and risks. All of these have occurred with Mythos, and represent meaningful progress relative to the governance environment of a few years ago.
What voluntary frameworks cannot do is bind competitors who operate under different assumptions. Anthropic’s RSP version 3.0 acknowledges this directly by removing the commitment to withhold unsafe models if another laboratory releases a comparable model first. The competitive structure of the AI industry means that restraint by one actor does not prevent the underlying capability from eventually proliferating. Voluntary governance frameworks work best when they generate shared norms across an industry. When the industry is structured around intense competition among a small number of organisations, voluntary restraint by a single actor does not resolve the broader question of access.
Analysts note that what Mythos does today in a restricted environment, publicly available models are likely to replicate within one to two model generations. The next phase of the EU AI Act takes effect in August 2026, introducing automated audit trails, cybersecurity requirements for AI systems classified as high risk, incident reporting obligations, and penalties of up to 3% of global revenue. The EU framework represents a shift toward binding governance, but its scope relative to the pace and international distribution of frontier AI development remains to be demonstrated.
Conclusion
Anthropic acknowledges that capabilities like those demonstrated by Mythos will proliferate beyond actors committed to deploying them safely, with potential fallout for economies, public safety, and national security. The company’s response, taken in aggregate, reflects a serious attempt to manage that risk within the constraints of voluntary frameworks and private decision-making. The Responsible Scaling Policy, Project Glasswing, proactive government briefings, and the detailed system card are each substantive contributions. They are also all products of a single private entity’s judgement, operating without binding external accountability.
The Mythos case does not so much call for a different assessment of Anthropic’s conduct as it does a clear-eyed view of what voluntary governance can realistically sustain at the frontier of AI development. Governments on both sides of the Atlantic were briefed informally about a model whose capabilities are consequential for critical infrastructure and national security. No binding notification requirement existed. No independent technical authority had prior access. No international coordination mechanism was in place.
No single organisation can solve these challenges alone. Frontier AI developers, software companies, security researchers, open-source maintainers, and governments all have essential roles to play. The Mythos case has made that observation not merely a statement of aspiration but a policy problem that requires concrete institutional responses. Whether those responses will take shape before the next capability threshold is reached is the question now facing policymakers.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Every technological leap forces society to renegotiate its relationship with power. Intelligence, once a uniquely human advantage, is now being abstracted, scaled, and embedded into machines. As AI evolves from a tool into an autonomous force shaping economies and institutions, the question is no longer what AI can do, but who it will ultimately serve.
A new framework published by OpenAI sets out a vision for managing the transition towards advanced AI systems, often described as superintelligence. Framed as a policy agenda for governments and institutions, it attempts to define how societies should respond to rapid advances in AI governance, economic transformation, and workforce disruption.
At its core, the document is not a regulation but influence: an attempt to shape how policymakers think about industrial policy for AI, productivity gains, and the redistribution of technological power.
Image via freepik
AI industrial policy and the next economic transformation
The central argument is that AI will act as a general-purpose technology comparable to electricity or the combustion engine. It promises higher productivity, lower costs, and accelerated innovation across industries. In policy terms, this aligns with broader discussions around AI-driven productivity growth and economic restructuring.
However, historical precedent suggests that such transitions are rarely evenly distributed. Industrial revolutions typically begin with labour displacement, rising inequality, and capital concentration, before broader gains are realised. AI may intensify this dynamic due to its dependence on compute infrastructure, proprietary models, and large-scale data ecosystems.
Economic power may become increasingly concentrated among a small number of AI developers and infrastructure providers, posing a structural risk of reinforcing existing inequalities rather than reducing them.
Image via freepik
The return of industrial policy in the AI economy
A key feature of the document is its explicit endorsement of AI industrial policy as a necessary response to market limitations. Governments, it argues, must play a more active role in shaping outcomes through regulation, investment, and public-private coordination.
A broader global shift in economic thinking is reflected in this approach. Strategic sectors such as semiconductors, energy, and digital infrastructure are already experiencing increased state intervention. AI now joins that category as a critical technology.
Yet this approach introduces a significant tension. When leading AI firms contribute directly to the design of AI regulation and governance frameworks, the risk of regulatory capture increases. Policies intended to ensure fairness and safety may inadvertently reinforce the dominance of incumbent companies by raising compliance costs and technical barriers for smaller competitors.
In this sense, AI industrial policy may not only guide innovation but also determine market entry, competition, and the long-term economic structure.
Image via freepik
Redistribution, taxation, and the question of AI wealth
The document places strong emphasis on economic inclusion in the AI economy, proposing mechanisms such as a public wealth fund, AI taxation, and expanded access to capital markets. These ideas are designed to address one of the central challenges of AI-driven growth: the potential for extreme wealth concentration.
As AI systems increase productivity while reducing reliance on human labour, traditional tax bases such as wages and payroll contributions may weaken. The proposal to tax AI-generated profits or automated labour reflects an attempt to stabilise public finances in an increasingly automated economy.
Equally significant is the idea of a ‘right to AI’, which frames access to AI as a foundational requirement for participation in modern economic life. This positions AI not merely as a tool, but as a form of digital infrastructure essential to economic agency and inclusion.
However, these proposals face major implementation challenges. Measuring AI-generated value is complex, particularly in hybrid systems where human and machine inputs are deeply integrated. Without clear definitions, AI taxation frameworks and redistribution mechanisms could prove difficult to enforce at scale.
Image via freepik
Workforce disruption and the future of work
The document recognises that AI will significantly reshape labour markets. Many tasks that currently require hours of human effort are already being automated, with future systems expected to handle more complex, multi-step workflows.
To manage this transition, the proposal highlights reskilling programmes, portable benefits systems, and adaptive social safety nets, alongside experimental ideas such as a reduced working week. These measures aim to mitigate the impact of automation and workforce disruption while maintaining economic stability.
However, the pace of change introduces uncertainty. Historically, labour markets have adjusted over decades, allowing new roles to emerge gradually. AI-driven disruption may occur much faster, compressing adjustment periods and increasing transitional risk.
While the document highlights expansion in sectors such as healthcare, education, and care services, these ‘human-centred jobs’ require substantial investment in training, wages, and institutional support to absorb displaced workers effectively.
Image via freepik
AI safety, governance, and systemic control
Beyond economic considerations, the proposal places a strong emphasis on AI safety, auditing frameworks, and risk mitigation systems. The proposed measures include model evaluation standards, incident reporting mechanisms, and international coordination structures.
These safeguards respond to growing concerns around cybersecurity risks, biosecurity threats, and systemic model misalignment. As AI systems become more autonomous and embedded in critical infrastructure, governance mechanisms must evolve accordingly.
However, safety frameworks also introduce questions of control. Determining which systems are classified as high-risk inevitably centralises authority within regulatory and institutional bodies. In practice, this may restrict access to advanced AI systems to organisations capable of meeting stringent compliance requirements.
A structural trade-off between security and openness is emerging in the AI economy, raising questions about how innovation and oversight can coexist without reinforcing centralisation.
Image via freepik
Strategic influence and the future of AI governance
The proposal from OpenAI is both policy-oriented and strategically positioned. It acknowledges legitimate risks- inequality, labour disruption, and systemic instability, while offering a roadmap for managing them through structured intervention.
At the same time, it reflects the perspective of a leading actor in the AI industry. As a result, its recommendations exist at the intersection of public interest and commercial strategy. The dual role raises important questions about who defines AI governance frameworks and how economic power is distributed in the intelligence age.
The broader challenge is not only technological but also institutional: ensuring that AI industrial policy, regulation, ethics and economic design are shaped through transparent and democratic processes, rather than through concentrated private influence.
Image via freepik
AI industrial policy will define economic power
AI is no longer solely a technological development- it is a structural force reshaping global economic systems. The emergence of AI industrial policy frameworks reflects an attempt to manage this transformation proactively rather than reactively.
The success or failure of these approaches will determine whether AI-driven growth leads to broader prosperity or deeper concentration of wealth and power. Without effective governance, the risks of inequality and centralisation are significant. With carefully designed policies, there is real potential to expand access, improve productivity, and distribute benefits more widely.
Digital diplomacy may increasingly come to the fore as a mechanism for arbitrating competing approaches to AI policy and governance across jurisdictions. As regulatory frameworks diverge, diplomatic channels could serve to bridge gaps, negotiate standards, and balance strategic interests, positioning digital diplomacy as a practical tool for managing fragmentation in the evolving AI economy.
Ultimately, the intelligence age will not be defined by technology alone, but by the AI governance systems, economic frameworks, and industrial policy decisions that guide its development. The outcome will depend on the extent to which global stakeholders succeed in building a shared and coordinated vision for its future.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
The European Union has entered a new phase in the governance of AI, moving from the legislative adoption of the Artificial Intelligence Act (AI Act) towards its practical implementation. This particular phase places particular emphasis on obligations of providers of general-purpose AI (GPAI) models, reflecting the increasing role of such systems in the broader digital ecosystem.
The AI Act, adopted in 2024, establishes a comprehensive legal framework for AI within the EU. It introduces a risk-based approach that classifies AI systems into categories ranging from minimal risk to unacceptable risk, with corresponding regulatory requirements.
According to the official text of the regulation, the framework is designed to ensure that AI systems placed on the market in the Union are ‘safe and respect existing law on fundamental rights and Union values.’
While earlier discussions around the Act focused on its legislative negotiation and scope, the current phase centres on how its provisions will be applied in practice.
General-purpose AI models within the AI Act
A key element of this implementation phase concerns general-purpose AI models. These models, which can be integrated into a wide range of downstream applications, occupy a distinct position within the regulatory framework.
The AI Act defines general-purpose AI models as systems that can be used across multiple tasks and contexts and may ‘serve a variety of purposes, both for direct use and for integration into other AI systems.’
That positioning reflects the broad applicability of these models, particularly in areas such as natural language processing, content generation, and data analysis.
The Act also recognises that the widespread deployment of such models may have implications beyond individual use cases, particularly when integrated into high-risk systems.
Obligations for providers of GPAI models
The European Commission, together with the European AI Office, has begun outlining expectations for compliance with provisions related to general-purpose AI.
According to official EU materials, providers of GPAI models are required to ensure that technical documentation is drawn up and kept up to date.
Image via Freepik
The regulation specifies that providers should ‘draw up and keep up-to-date technical documentation of the model,’ ensuring that relevant information is accessible for compliance and oversight purposes. In addition, transparency obligations require providers to make certain information available to downstream deployers.
The intention of this is to support the responsible integration of GPAI models into other systems.
Distinction between GPAI and systemic-risk models
The AI Act introduces a distinction between general-purpose AI models and those considered to pose systemic risk.
Models that meet specific criteria, such as scale, capability, or deployment level, may be classified as having a systemic impact.
For such models, additional obligations apply, including requirements related to evaluation, risk mitigation, and reporting. The European Commission has indicated that further guidance will clarify how systemic risk thresholds are determined, including through delegated acts and technical standards.
Role of the European AI Office in implementation
The European AI Office, established within the European Commission, plays a central role in supporting the implementation of the AI Act.
Its responsibilities include contributing to the consistent application of the regulation, coordinating with national authorities, and supporting the development of methodologies for compliance.
According to the European Commission, the AI Office is tasked with ‘ensuring the coherent implementation of the AI Act across the Union.’ The Office is also expected to contribute to the development of benchmarks, testing frameworks, and guidance documents that support both regulators and providers.
Phased implementation timeline
The implementation of the AI Act is structured as a phased process, with different provisions becoming applicable over time.
That phased approach allows stakeholders to adapt to the regulatory requirements while enabling authorities to establish enforcement mechanisms.
Provisions related to general-purpose AI models are among the earlier elements to be operationalised, reflecting their central role in the current AI landscape.
The European Commission has indicated that additional implementing acts and guidance documents will be issued as part of this process.
Coordination with national authorities
While the European AI Office plays a coordinating role at the EU level, enforcement remains the responsibility of national authorities within member states.
The AI Act establishes mechanisms for cooperation and information-sharing to support a harmonised approach across the European Union.
National authorities are expected to work closely with the AI Office and the European Commission to oversee compliance and address emerging challenges.
Stakeholder engagement and technical guidance
The implementation phase also involves engagement with a range of stakeholders, including industry actors, civil society organisations, and technical experts.
Also, the European Commission has initiated consultations and workshops to gather input on practical aspects of implementation, such as documentation standards and risk assessment methodologies.
The following process supports the development of operational guidance applicable across sectors and use cases.
Interaction with the EU digital regulatory framework
These frameworks address different aspects of the digital ecosystem, including data protection, platform governance, and market competition.
The relationship between the AI Act and these instruments is expected to be clarified further during implementation.
International context: OECD and UN approaches
The governance of general-purpose AI models is also being addressed at the international level.
The OECD AI Principles state that AI systems should be ‘robust, secure and safe throughout their entire lifecycle,’ and emphasise accountability for their functioning.
At the UN level, the Global Digital Compact process addresses issues related to transparency, accountability, and oversight of digital technologies, including AI.
The listed initiatives provide non-binding guidance, in contrast to the legally binding framework established by the EU AI Act.
Ongoing development of technical standards
The development of technical standards is an important component of the implementation process.
The European Commission has indicated that it will work with standardisation organisations to develop specifications related to documentation, evaluation, and risk management.
These standards are expected to support the practical application of the AI Act’s provisions.
From regulatory framework to regulatory practice
The current phase of the EU AI Act marks a transition from legislative design to regulatory practice.
For providers of general-purpose AI models, this involves preparing to meet obligations related to documentation, transparency, and risk management. For regulators, the focus is on ensuring consistent application of the rules across member states, supported by coordination mechanisms and guidance from the AI Office.
The implementation process is expected to evolve as further guidance is issued.
Conclusion
The European Union’s AI Act is entering its implementation phase, with a particular focus on general-purpose AI models.
That phase involves translating the regulation’s legal provisions into operational requirements, supported by guidance from the European Commission and the AI Office.
The development of technical standards, coordination mechanisms, and compliance frameworks will play a central role in this process. As implementation progresses, further clarification is expected through additional guidance and regulatory measures, contributing to the operationalisation of the EU’s approach to AI governance.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!
After almost three decades of stop-start cybersecurity negotiations at the UN, the long-anticipated Global Mechanism on ICT security has finally kicked off.
It is the first permanent forum of its kind since discussions on ICT security began back in 1998, and its mere existence says a lot about how far those talks have come.
But if the launch felt like a breakthrough, the organisational session quickly brought things back down to earth. Beyond what was already sketched out in Annex C and the OEWG’s Final Report, it remained unclear how the Mechanism would actually organise itself in practice.
The session raised plenty of questions—about structure, priorities, and process—but offered few real answers, leaving the sense that while the Mechanism now exists, what it will do and how it will do it is still very much up for grabs.
A new body, a new mandate, and a newly elected Chair, Egriselda López of El Salvador, injected renewed optimism into the Global Mechanism’s first organisational session. Yet, within minutes, it became evident that the Global Mechanism did not start with a blank slate, but rather inherited the OEWG’s long list of disagreements.
Russia opened the discussion by disputing the legitimacy of the Chair nomination, which they claimed was guided solely by the UNODA and thus limited state participation in the process. They used this opportunity to stress that all decisions under the new process must be based on consensus and be completely intergovernmental.
The substantive issues on the agenda
For the provisional agenda of the mechanism’s July session, the Chair circulated a draft agenda organised around the five pillars of the framework for responsible state behaviour in the use of ICTs. However, Iran and Russia argued that the wording of agenda item 5 did not precisely reflect paragraph 9 of Annex C of the OEWG final report and called for correction at this session. The EU and Canada rejected this, arguing the draft already referenced all relevant documents and that isolating one paragraph would itself constitute renegotiation. The USA reserved its position entirely, preferring that the July plenary adopt its own agenda. No consensus was reached, and the Chair will continue consultations before July.
The mechanism inherited many unresolved substantive debates from its predecessors.
On international law, there is widespread agreement that considerable work remains to be done, but little agreement on how to carry it out. The majority of delegations have shown clear support for strengthening the existing normative framework and reaffirming the UN Charter’s application to cyberspace.
A broad majority of states expressed support for ensuring that the mechanism remains action-oriented, with a strong focus on practicality and the implementation of agreed frameworks on international law, norms, CBMs, and capacity-building (Chile, Nauru, Portugal, Switzerland, the United Kingdom, Estonia, Italy, Australia, the Democratic Republic of the Congo, Antigua and Barbuda, Sudan, Vanuatu, Albania, Vietnam, India, Greece, Rwanda, the Dominican Republic, North Macedonia, Kiribati).
In particular, some delegations advocated for applying the framework to concrete scenarios as a way to stimulate implementation (Japan, the Netherlands, the United Kingdom, Sudan). China was the only delegation to emphasise that further development of the framework is equally important alongside its implementation.
The EU highlighted the norm checklist, a hotly debated issue in the previous mechanism, as an area for further improvement.
However, to many states, a fundamental concern remains. Capacity building initiatives risk stalling without reliable funding, so many delegations, primarily from developing countries, urged the Global Mechanism to prioritise the operationalisation of the UN Voluntary Fund, which was tabled but left unresolved by the OEWG.
Dedicated thematic groups: Who, what and how
The often broad agenda and long-winded statements of delegations in OEWG plenary sessions left little room for technical depth, leaving many delegations frustrated with the gap between consensus language and concrete action.
The Dedicated thematic groups (DGTs) were created to address this issue precisely by setting up an informal, technical forum to advance practical initiatives already agreed on, such as the Global ICT Security Cooperation and Capacity Building Portal. However, the practicalities on how they should be set up and administered are going to be hotly contested as it will influence what gets on the agenda, who drives it, and whether this new system is capable of delivering real outcomes over time.
Who will lead DTGs?
The dominant and most contested question of the session was who would appoint the co-facilitators for the two Dedicated Thematic Groups. The Chair proposed appointing two co-facilitators per DTG: one from a developed country, one from a developing country, drawing on GA practice, under which the Chair appoints co-facilitators for intergovernmental processes. She indicated her intention to hold broad informal consultations before making appointments, and committed to geographic balance, gender parity where practicable, and relevant technical expertise as selection criteria.
Who ends up in these roles matters considerably: the co-facilitators will steer the DTG discussions, shape their agendas, and channel recommendations to the plenary.
A broad coalition of states supported the Chair’s approach, including the EU, speaking on behalf of its member states and several aligned countries such as France, Germany, Australia, the United Kingdom, the Netherlands, Switzerland, Japan, Egypt, Senegal, Nigeria, Malaysia, Moldova, and others. Egypt and Senegal were among the most direct, noting that delays in operationalising the mechanism would waste the intersessional period and erode its credibility, particularly for developing countries eager to move from procedure to substance.
Another group of states, led by Russia and supported by Iran, China, Belarus, Nicaragua, and Cuba, argued that co-facilitator appointments must be approved by member states by consensus rather than made unilaterally by the Chair. Russia contended that DTG co-facilitators handle substantive political matters and therefore constitute officials whose appointment requires a collective agreement. Russia also raised a geographic argument: assigning one developed-country and one developing-country co-facilitator per DTG still disproportionately favours developed states, which represent less than one-fifth of UN membership. Iran added that the early OEWG draft text had explicitly authorised the Chair to appoint DTG facilitators, but that this provision was deliberately removed during negotiations, signalling a lack of agreement on the matter.
The Chair affirmed her intention to consult all member states informally before presenting candidates and called on delegations to show flexibility given the urgency of getting the mechanism’s work underway. Russia subsequently stated its understanding that candidates would be determined through broad consultation, followed by consensus-based approval, but the Chair neither confirmed nor rejected this interpretation.
The question is effectively deferred to the intersessional period, meaning the composition of the DTG leadership teams remains unresolved and will require continued diplomatic engagement before July.
What will DTGs discuss?
A closely related debate concerned who decides what the DTGs will actually discuss. Several Western and like-minded delegations (e.g., Germany, France, Canada, the United Kingdom, and Australia) highlighted that it is a prerogative of the Chair and co-facilitators, to be exercised in close consultation with states. These delegations proposed ransomware and critical infrastructure protection as natural starting points, citing their frequency across national statements and OEWG discussions.
Iran and Russia emphasised that topics must be determined by consensus among all member states. Argentina argued that the plenary should maintain control over the agenda rather than ceding too much responsibility to the co-facilitators.
Morocco instead advocated a bottom-up model in which DTGs define their own priority subtopics from the start, based on member states’ expressed preferences to maintain regional balance and ownership.
In this sense, the DTGs’ credibility hinges on a delicate balance, having to be ambitious enough to move conversations into action but also focused enough on issues with broad support so that their outputs survive in plenary.
No decision was taken. For industry and civil society organisations with specific thematic priorities, this remains an active opening: states are currently receptive to input on which topics the DTGs should prioritise.
Colombia put forward a process proposal that drew broadly positive reactions across delegations. It recommended that:
DTG mandates be time-limited with clearly defined and measurable outputs;
DTG 1 addresses specific rotating subjects rather than its entire mandate simultaneously, and
DTG outputs systematically distinguish between recommendations on which consensus exists and those still under development.
Senegal made a complementary point: reports should document both areas of agreement and divergence, preserving a record of discussions even when no consensus was reached. Both proposals reflect a wider concern that, without structured outputs and clear timelines, the mechanism risks reproducing the open-ended deliberation of the OEWG without generating implementable results.
How will DTGs feed into the plenary?
Another issue discussed was how DGT work feeds into plenary work. Brazil made it clear that without a defined protocol for elevating DTG reports to the plenary and formally accepting their recommendations, the groups risk becoming talking shops that are disconnected from the mechanism’s official conclusions. Their proposed solution, which still has to achieve support, is to keep DGT conversations primarily informal but include a short formal section for decision-making.
Stakeholder participation
A long-standing point of contention and possibly the most politically-charged was the role of non-governmental actors in the groups. The effective participation of interested stakeholders remains uncertain.
Some delegations adopted a more accommodating stance, recognising that stakeholders can enhance the quality of deliberations (Sudan, Antigua and Barbuda) and contribute to more practical outcomes (Vietnam, Dominican Republic), while underscoring the importance of preserving the intergovernmental nature of the process (Sudan, Vietnam).
Canada and like-minded states argued that the July 2025 consensus clearly provides for states to nominate experts for DTG briefings and for the wider stakeholder community to participate throughout DTG discussions.
Iran contested this, asserting that stakeholder modalities agreed for the mechanism apply equally to DTGs. Russia also argued that expert briefings from external stakeholders are a possibility rather than a standard feature, and that inviting external briefers requires member-state agreement on a case-by-case basis.
How this is resolved will directly determine the degree of access the private sector, technical community, and civil society organisations have to the DTG process in practice.
What’s next?
The session closed without resolution on its two most consequential questions: co-facilitator appointments and the provisional plenary agenda. The Chair will convene informal intersessional consultations on both and issue a programme of work document before July in all UN languages.
The Secretariat will open an annual stakeholder accreditation window in the coming weeks; stakeholders wishing to participate in plenary sessions and review conferences can monitor the Digital Watch Observatory web page, where we track the process, for details.
The broader tension remains unresolved, and how it is managed in the intersessional period will largely determine whether the July plenary can open with the mechanism’s operational foundations in place.
The Chair also confirmed the two key dates for 2026:
